Drop root during base image build and use venv (#1682)
authorKirill Birger <kbirger@gmail.com>
Sun, 29 Sep 2024 22:08:22 +0000 (18:08 -0400)
committerGitHub <noreply@github.com>
Sun, 29 Sep 2024 22:08:22 +0000 (00:08 +0200)
.github/workflows/release.yml
Dockerfile.base

index adaeb6e56161800cb63ec890ce2bf5371dd07216..46d57bf31f215d3e7f17f5cca5d645a66f5b211c 100644 (file)
@@ -6,8 +6,8 @@ on:
 
 env:
   PYTHON_VERSION: "3.11"
-  BASE_IMAGE_VERSION_STABLE: "1.0.10"
-  BASE_IMAGE_VERSION_BETA: "1.0.10"
+  BASE_IMAGE_VERSION_STABLE: "1.1.0"
+  BASE_IMAGE_VERSION_BETA: "1.1.0"
 
 jobs:
   build-artifact:
index 3656e85508ddb7c579616ae5e3a6b00f92029285..09f97d0278d925fe89eaef7abb086c2d56307b5d 100644 (file)
@@ -29,18 +29,24 @@ RUN set -x \
 RUN mkdir -p /usr/local/bin/widevine_cdm
 COPY widevine_cdm/* /usr/local/bin/widevine_cdm/
 
-# Upgrade pip + Install uv
-RUN pip install --upgrade pip \
-    && pip install uv==0.2.27
+RUN adduser -D app app \
+    && chmod -R 775 /tmp \
+    && chgrp -R app /tmp
+
+WORKDIR /home/app
+USER app
+
 
 # Configure runtime environmental variables
 ENV LD_PRELOAD="/usr/lib/libjemalloc.so.2"
-ENV VIRTUAL_ENV=/opt/venv
+ENV VIRTUAL_ENV=/home/app/venv
 
 # create venv and set some permissions to allow running the container as non-root
 RUN python3 -m venv $VIRTUAL_ENV && \
-    chmod -R 777 $VIRTUAL_ENV && \
-    chmod -R 777 /tmp
+
+    source $VIRTUAL_ENV/bin/activate && \
+    pip install --upgrade pip \
+    && pip install uv==0.4.17
 
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 WORKDIR $VIRTUAL_ENV
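Review bot: `chmod -R 775 /tmp` in the new `adduser` step sets the mode numerically, which clears the sticky bit that /tmp normally carries (1777). Any process in group `app` can then delete or replace temp files it does not own, and a container started under a UID outside that group cannot write to /tmp at all. Leaving /tmp untouched, or restoring it with `chmod 1777 /tmp`, keeps the non-root goal without weakening the shared directory. Separately, the blank line added after `RUN python3 -m venv $VIRTUAL_ENV && \` is an empty continuation line, which Docker warns about; drop it and call `$VIRTUAL_ENV/bin/pip install ...` directly rather than relying on `source`, which depends on whichever shell backs /bin/sh. The `pip install --upgrade pip` step is also unpinned, unlike `uv==0.4.17`, so the image contents can drift between builds.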